Fixed use after free of region.

Armin Novak 2017-04-19 14:43:06 +02:00
parent f3e0c95d45
commit 614d5f0a8e
1 changed files with 9 additions and 2 deletions


@ -233,6 +233,8 @@ static UINT gdi_SurfaceCommand_Uncompressed(rdpGdi* gdi,
region16_union_rect(&(surface->invalidRegion), &(surface->invalidRegion), region16_union_rect(&(surface->invalidRegion), &(surface->invalidRegion),
&invalidRect); &invalidRect);
IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, 1, &invalidRect);
if (!gdi->inGfxFrame) if (!gdi->inGfxFrame)
{ {
status = CHANNEL_RC_NOT_INITIALIZED; status = CHANNEL_RC_NOT_INITIALIZED;
@ -278,11 +280,12 @@ static UINT gdi_SurfaceCommand_RemoteFX(rdpGdi* gdi,
} }
rects = region16_rects(&invalidRegion, &nrRects); rects = region16_rects(&invalidRegion, &nrRects);
region16_uninit(&invalidRegion);
IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, nrRects, rects); IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, nrRects, rects);
for (x=0; x<nrRects; x++) for (x=0; x<nrRects; x++)
region16_union_rect(&surface->invalidRegion, &surface->invalidRegion, &rects[x]); region16_union_rect(&surface->invalidRegion, &surface->invalidRegion, &rects[x]);
region16_uninit(&invalidRegion);
if (!gdi->inGfxFrame) if (!gdi->inGfxFrame)
{ {
status = CHANNEL_RC_NOT_INITIALIZED; status = CHANNEL_RC_NOT_INITIALIZED;
@ -331,6 +334,7 @@ static UINT gdi_SurfaceCommand_ClearCodec(rdpGdi* gdi,
invalidRect.bottom = cmd->bottom; invalidRect.bottom = cmd->bottom;
region16_union_rect(&(surface->invalidRegion), &(surface->invalidRegion), region16_union_rect(&(surface->invalidRegion), &(surface->invalidRegion),
&invalidRect); &invalidRect);
IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, 1, &invalidRect); IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, 1, &invalidRect);
if (!gdi->inGfxFrame) if (!gdi->inGfxFrame)
@ -377,6 +381,7 @@ static UINT gdi_SurfaceCommand_Planar(rdpGdi* gdi, RdpgfxClientContext* context,
invalidRect.bottom = cmd->bottom; invalidRect.bottom = cmd->bottom;
region16_union_rect(&(surface->invalidRegion), &(surface->invalidRegion), region16_union_rect(&(surface->invalidRegion), &(surface->invalidRegion),
&invalidRect); &invalidRect);
IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, 1, &invalidRect); IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, 1, &invalidRect);
if (!gdi->inGfxFrame) if (!gdi->inGfxFrame)
@ -560,6 +565,7 @@ static UINT gdi_SurfaceCommand_Alpha(rdpGdi* gdi, RdpgfxClientContext* context,
&invalidRect); &invalidRect);
IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, 1, &invalidRect); IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, 1, &invalidRect);
if (!gdi->inGfxFrame) if (!gdi->inGfxFrame)
{ {
status = CHANNEL_RC_NOT_INITIALIZED; status = CHANNEL_RC_NOT_INITIALIZED;
@ -620,12 +626,13 @@ static UINT gdi_SurfaceCommand_Progressive(rdpGdi* gdi,
region16_uninit(&invalidRegion); region16_uninit(&invalidRegion);
return ERROR_INTERNAL_ERROR; return ERROR_INTERNAL_ERROR;
} }
rects = region16_rects(&invalidRegion, &nrRects); rects = region16_rects(&invalidRegion, &nrRects);
region16_uninit(&invalidRegion);
IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, nrRects, rects); IFCALL(context->UpdateSurfaceArea, context, surface->surfaceId, nrRects, rects);
for (x=0; x<nrRects; x++) for (x=0; x<nrRects; x++)
region16_union_rect(&surface->invalidRegion, &surface->invalidRegion, &rects[x]); region16_union_rect(&surface->invalidRegion, &surface->invalidRegion, &rects[x]);
region16_uninit(&invalidRegion);
if (!gdi->inGfxFrame) if (!gdi->inGfxFrame)
{ {
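Review bot: The ordering these hunks establish in gdi_SurfaceCommand_RemoteFX and gdi_SurfaceCommand_Progressive is undocumented: `rects` appears to point into storage owned by `invalidRegion`, so the region must stay alive until the loop over `rects` has finished. A comment above each `region16_rects` call, for example `/* rects is owned by invalidRegion: do not uninit the region before the last use of rects */`, would keep a later cleanup from reintroducing the use after free, which matters because these handlers decode graphics commands supplied by the remote peer. The same loop also discards the result of `region16_union_rect`; assuming it reports failure with FALSE, the body could be `if (!region16_union_rect(&surface->invalidRegion, &surface->invalidRegion, &rects[x])) { region16_uninit(&invalidRegion); return ERROR_INTERNAL_ERROR; }`, mirroring the error path visible at the top of the Progressive hunk. Both function bodies start and end outside the hunks shown.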